Government Demanding More And More Info On Google Users Without Any Oversight

from the ecpa-reform-now dept

Google's latest transparency report, once again, highlights why we need ECPA reform in the US as soon as possible. ECPA -- the Electronic Communications Privacy Act -- is an outdated law that was supposed to be about protecting user privacy, but was written nearly three decades ago and now does exactly the opposite. Beyond being complex in ridiculous and unnecessary ways, things that were true decades ago are no longer the case. For example, the idea that emails left for 180 days on a server no longer need a warrant because under ECPA they are considered "abandoned." Whereas in the real world, where all email lives on servers for quite some time, that idea makes no sense.

Either way, the report makes clear that US government agencies are well aware that they can go trolling through Google to get information on people with little oversight. Requests -- especially requests that are purely a subpoena (with no judicial oversight) appear to continue to rise:

The largest part of that chart is the government subpoenas, meaning no judge had to look them over first:

68 percent of the requests Google received from government entities in the U.S. were through subpoenas. These are requests for user-identifying information, issued under the Electronic Communications Privacy Act (“ECPA”), and are the easiest to get because they typically don't involve judges.

Unfortunately, Congress had a chance to reform ECPA last year, and the Senate Judiciary Committee even approved it. But, right at the end of the year, Congress passed a separate bill that had been attached to ECPA reform by itself... and left ECPA reform to rot.

Reader Comments

Google's latest transparency report, once again, highlights why we need ECPA reform in the US as soon as possible.

But wouldn't you have to live in a world that didn't have the ECPA before you could make that call? I mean, how do you know for sure until you have a world with the ECPA and a world without? Surely you need lots more data first, right?

Re:

Weird accounts

180 days and emails are classified as "abandoned"? Hmm.

Makes no sense now that Google offers something crazy like 10GB of storage.

Also, what about ACCOUNTS that are abandoned? over the years, I think I have about 10 or 15 email accounts I don't know the password to. Some created back when Hotmail only had a 50 or 100mb limit per account. If someone requests the emails from those accounts, does this mean the Government can read emails from them?

There's likely very little there, my guess is mostly spam and such. But if an ex sent an email to an account setup while in gradeschool or college, I'd have issue with Government being able to read it and not myself!

So that said, how can I use the same backdoors to an account I can't remember the password to; for legitimate purposes, of course.

Any action by government that doesn't require a warrant should be permissible to the public at large.

The warrant is the special step that government takes to get a seal of approval on an otherwise unacceptable action. If no warrant is needed, that is because the government is not doing something that would otherwise break the law.

If it is illegal for me to get the emails-older-than-180-days of your everyday politician, then government officials should need to get a warrant to read my emails. Ditto for warrantless wiretapping warrantless tracking devices.

Re:

If only democracy actually worked this way. Accountability, oversight, government representing the citizenry and equality are supposed to be the cornerstone of a democracy. I agree wholeheartedly with your sentiment but fail to see it practised rigorously in any democracy anywhere. The overwhelming attitude of politicians and government seems to be that they "know better" than the general populace and are therefore somehow entitled to behave in a manner that would not be acceptable in the "common man".

Re: Re:

It's interesting. I have some sort of group e-mail where we exchange messages anonymously with each other for fun. The address is something close to "bloody dismemberment" or whatever you say that in English. It's amusing, even Oprah has visited my mailbox a while back. And we had a spree recently where everybody started using Google Translator to post stuff in Arabic (Allah and Mohamed were there! There were bombs and so on), Chinese, Russian and others. I'm telling this story because I try to guess who is online at a given time by checking the IPs from the sessions Google registers and suddenly I saw a session from the United States. I asked my friends if they used some VPN or if their companies have something in the US or whatever that could explain it. We were all puzzled and just logged that session out and changed the password. Notice that none of us is the dumb type that will compromise the password... Very weird.

In any case, this article is yet another evidence that the US Govt has run out of control.

Could be interesting

I don't know too much about this, but does this include things like corporate email as well? Can law enforcement just come in without a subpoena and take emails from my work account? Its all hosted on a server we own in our own data center.

It could be interesting if email services like gmail and yahoo started implementing a system where after 180 days, it would automatically make a copy of the email and delete the original, essentially restarting the day count.